/**
 * Answers a GET with a JSON object describing the authentication options for this request.
 *
 * <p>The response carries a {@code "mechanisms"} array and, when a user can be determined,
 * a {@code "user"} entry. The user is taken from the authenticated principal of the current
 * {@link Subject} if there is one, otherwise from {@code request.getRemoteUser()}.
 *
 * <p>The mechanism list is obtained with {@code getAvailableMechanisms(request.isSecure())},
 * so what is advertised depends on whether the request arrived over a secure transport.
 *
 * @param request       the incoming HTTP request
 * @param response      the HTTP response the JSON is written to
 * @param managedObject not used by this method
 * @throws ServletException declared by the overridden method
 * @throws IOException      declared by the overridden method
 */
@Override
protected void doGet(HttpServletRequest request,
                     HttpServletResponse response,
                     final ConfiguredObject<?> managedObject) throws ServletException, IOException
{
    // The return value is discarded; presumably this call only primes per-session state.
    // NOTE(review): confirm against getRandom().
    getRandom(request);

    final AuthenticationProvider<?> provider = getAuthenticationProvider(request);
    final List<String> available = provider.getAvailableMechanisms(request.isSecure());
    final String[] mechanismNames = available.toArray(new String[available.size()]);

    final Map<String, Object> payload = new LinkedHashMap<String, Object>();

    final Subject currentSubject = Subject.getSubject(AccessController.getContext());
    final Principal authenticated =
            AuthenticatedPrincipal.getOptionalAuthenticatedPrincipalFromSubject(currentSubject);

    if (authenticated != null)
    {
        payload.put("user", authenticated.getName());
    }
    else
    {
        // Fall back to the container-reported user only when no principal is on the Subject.
        final String remoteUser = request.getRemoteUser();
        if (remoteUser != null)
        {
            payload.put("user", remoteUser);
        }
    }

    // Cast keeps the array as a single map value rather than being treated as varargs.
    payload.put("mechanisms", (Object) mechanismNames);

    sendJsonResponse(payload, request, response);
}
/**
 * Rejects a port configuration that would leave clients with no usable authentication mechanism.
 *
 * <p>Starting from the provider's full mechanism list, the disabled mechanisms are removed.
 * If the port has at least one non-TLS transport, the secure-only mechanisms are removed as
 * well, because they would be unavailable on those connections.
 *
 * @param authenticationProvider the provider assigned to this port
 * @param transports             the transports configured on this port
 * @throws IllegalConfigurationException if no mechanism is left after either removal step
 */
private void validateAuthenticationMechanisms(final AuthenticationProvider<?> authenticationProvider,
                                              final Set<Transport> transports)
{
    // Work on a copy so the provider's own list is never modified.
    final List<String> remaining = new ArrayList<>(authenticationProvider.getMechanisms());

    if (authenticationProvider.getDisabledMechanisms() != null)
    {
        remaining.removeAll(authenticationProvider.getDisabledMechanisms());
    }

    if (remaining.isEmpty())
    {
        throw new IllegalConfigurationException("The authentication provider '"
                                                + authenticationProvider.getName()
                                                + "' on port '"
                                                + getName()
                                                + "' has all authentication mechanisms disabled.");
    }

    // Nothing further to check when every transport is TLS or no mechanism is secure-only.
    if (!hasNonTLSTransport(transports) || authenticationProvider.getSecureOnlyMechanisms() == null)
    {
        return;
    }

    remaining.removeAll(authenticationProvider.getSecureOnlyMechanisms());
    if (remaining.isEmpty())
    {
        throw new IllegalConfigurationException("The port '"
                                                + getName()
                                                + "' allows for non TLS connections, but all authentication "
                                                + "mechanisms of the authentication provider '"
                                                + authenticationProvider.getName()
                                                + "' are disabled on non-secure connections.");
    }
}
/**
 * Obtains a SASL negotiator for the given mechanism from the configured authentication provider.
 *
 * <p>This method does not itself check that {@code mechanism} is enabled or permitted on the
 * caller's transport; it passes the name straight to the provider together with this object's
 * address space. NOTE(review): callers appear to be responsible for validating the mechanism
 * against the provider's available list first; confirm the provider does not rely on that.
 *
 * @param mechanism    the SASL mechanism name requested by the peer
 * @param saslSettings settings passed through to the provider
 * @return whatever the provider's {@code createSaslNegotiator} returns
 */
public SaslNegotiator createSaslNegotiator(String mechanism, final SaslSettings saslSettings)
{
    final SaslNegotiator negotiator =
            _authenticationProvider.createSaslNegotiator(mechanism, saslSettings, _addressSpace);
    return negotiator;
}
/**
 * Compares two principals by user name and by the identity of their authentication provider.
 *
 * <p>Two principals are equal only if they are of exactly the same class, their names are equal,
 * and either both have no provider or both providers have equal type and equal name. The same
 * user name issued by two different providers therefore yields two distinct principals.
 *
 * @param o the object to compare with
 * @return {@code true} if {@code o} denotes the same user from the same provider
 */
@Override
public boolean equals(final Object o)
{
    if (this == o)
    {
        return true;
    }
    if (o == null || getClass() != o.getClass())
    {
        return false;
    }

    final UsernamePrincipal other = (UsernamePrincipal) o;
    if (!_name.equals(other._name))
    {
        return false;
    }

    final boolean providerMissingHere = _authenticationProvider == null;
    final boolean providerMissingThere = other._authenticationProvider == null;
    if (providerMissingHere || providerMissingThere)
    {
        // A principal with a provider never equals one without.
        return providerMissingHere && providerMissingThere;
    }

    // Providers are matched on type and name rather than by object identity.
    final boolean sameType =
            _authenticationProvider.getType().equals(other._authenticationProvider.getType());
    return sameType
           && _authenticationProvider.getName().equals(other._authenticationProvider.getName());
}
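/**
 * Creates an AMQP 1.0 protocol engine for a connection that is not using SASL authentication.
 *
 * <p>Such a connection is accepted only if, after removing the disabled mechanisms and (on a
 * non-secure transport) the secure-only mechanisms, the port's authentication provider still
 * offers ANONYMOUS, or offers EXTERNAL and the network layer supplied a peer principal.
 * Otherwise the attempt is logged with the remote address and {@code null} is returned.
 *
 * <p>The disabled and secure-only lists are null-checked before use, as the port validation
 * code does, so an unset list is treated as "nothing to remove" instead of raising a
 * {@link NullPointerException} while handling a new connection.
 * NOTE(review): other call sites use {@code getAvailableMechanisms(transport.isSecure())};
 * if that helper performs the same filtering, calling it here would keep the rules in one place.
 *
 * @param broker          the broker the connection belongs to
 * @param network         the underlying network connection
 * @param port            the AMQP port the connection arrived on
 * @param transport       the transport in use; its {@code isSecure()} decides the filtering
 * @param id              the connection id
 * @param aggregateTicker ticker passed to the new connection
 * @return the created connection, or {@code null} if the connection is refused
 */
@Override
public ProtocolEngine newProtocolEngine(Broker<?> broker,
                                        ServerNetworkConnection network,
                                        AmqpPort<?> port,
                                        Transport transport,
                                        long id,
                                        final AggregateTicker aggregateTicker)
{
    final AuthenticationProvider<?> authenticationProvider = port.getAuthenticationProvider();

    // Copy so that the removals below never touch the provider's own collection.
    final Set<String> supportedMechanisms = new HashSet<>(authenticationProvider.getMechanisms());

    if (authenticationProvider.getDisabledMechanisms() != null)
    {
        supportedMechanisms.removeAll(authenticationProvider.getDisabledMechanisms());
    }

    if (!transport.isSecure() && authenticationProvider.getSecureOnlyMechanisms() != null)
    {
        supportedMechanisms.removeAll(authenticationProvider.getSecureOnlyMechanisms());
    }

    final boolean anonymousAllowed =
            supportedMechanisms.contains(AnonymousAuthenticationManager.MECHANISM_NAME);
    // EXTERNAL only counts when the transport actually authenticated a peer.
    final boolean externalAllowed =
            supportedMechanisms.contains(ExternalAuthenticationManagerImpl.MECHANISM_NAME)
            && network.getPeerPrincipal() != null;

    if (anonymousAllowed || externalAllowed)
    {
        final AMQPConnection_1_0Impl amqpConnection_1_0 =
                new AMQPConnection_1_0Impl(broker, network, port, transport, id, aggregateTicker);
        amqpConnection_1_0.create();
        return amqpConnection_1_0;
    }

    LOGGER.info(
            "Attempt to connect using AMQP 1.0 without using SASL authentication on a port which does not support ANONYMOUS or EXTERNAL by "
            + network.getRemoteAddress());
    return null;
}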
/**
 * Feeds one SASL response to the negotiator and converts the outcome into a subject result.
 *
 * <p>On {@code SUCCESS} the result is built by {@code createResultWithGroups}. On {@code ERROR}
 * an AUTHENTICATION_FAILED event is logged with the attempted authentication id (which may be
 * {@code null}) before the result is wrapped and returned. Any other status is wrapped and
 * returned without logging.
 *
 * @param saslNegotiator the negotiator for the mechanism in progress
 * @param response       the SASL response bytes received from the peer
 * @return the authentication outcome for this step
 */
public SubjectAuthenticationResult authenticate(SaslNegotiator saslNegotiator, byte[] response)
{
    final AuthenticationResult outcome = saslNegotiator.handleResponse(response);
    final AuthenticationStatus status = outcome.getStatus();

    if (status == AuthenticationStatus.SUCCESS)
    {
        return createResultWithGroups(outcome);
    }

    if (status == AuthenticationStatus.ERROR)
    {
        // Record the failed attempt; the second argument tells the message whether an id is known.
        final String attemptedId = saslNegotiator.getAttemptedAuthenticationId();
        _authenticationProvider.getEventLogger()
                               .message(AUTHENTICATION_FAILED(attemptedId, attemptedId != null));
    }

    return new SubjectAuthenticationResult(outcome);
}
/**
 * Creates the delegate for a connection accepted on the given port.
 *
 * <p>The mechanism list is copied from the port's authentication provider using
 * {@code getAvailableMechanisms(secure)}, so it reflects whether this connection's transport
 * is secure. The maximum frame size is the broker's network buffer size, capped at 0xFFFF.
 *
 * @param port         the AMQP port the connection arrived on
 * @param secure       whether the connection's transport is secure
 * @param selectedHost host passed to {@code getSubjectCreator}
 */
public ServerConnectionDelegate(AmqpPort<?> port, boolean secure, final String selectedHost)
{
    final Broker<?> parentBroker = (Broker<?>) port.getParent();

    _port = port;
    _broker = parentBroker;
    // Private copy of the mechanisms offered to this connection.
    _mechanisms = new ArrayList<>(port.getAuthenticationProvider().getAvailableMechanisms(secure));
    _maxNoOfChannels = port.getSessionCountLimit();
    _subjectCreator = port.getSubjectCreator(secure, selectedHost);
    _maximumFrameSize = Math.min(0xFFFF, parentBroker.getNetworkBufferSize());
}
// Excerpt only: the statements guarded by these conditions are not shown.
// The second condition holds only when id is null and the requested mechanism is in the list
// returned by getAvailableMechanisms(request.isSecure()), i.e. the list for this request's
// transport security.
// NOTE(review): these look like two separate conditions from one handler; confirm nesting.
if(mechanism != null) if(id == null && authenticationProvider.getAvailableMechanisms(request.isSecure()).contains(mechanism))
// Excerpt only: the loop body is not shown.
// Iterates over the mechanisms the port's authentication provider returns from
// getAvailableMechanisms for the security level of the current transport.
for(String mechanismName : getPort().getAuthenticationProvider().getAvailableMechanisms(getTransport().isSecure()))
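/**
 * Handles the peer's SASL init frame: records the requested hostname, checks the requested
 * mechanism, and starts the SASL exchange.
 *
 * <p>The hostname from the frame is used when it is non-blank; otherwise the host selected by
 * the network layer is used if there is one. The requested mechanism must be in the provider's
 * available list for this transport's security level; if it is missing from the frame or not
 * in that list, {@code handleSaslError()} is called and no negotiator is created.
 *
 * <p>The frame comes from an unauthenticated peer, so a missing mechanism is treated as a SASL
 * error rather than being dereferenced. NOTE(review): the frame decoder may already enforce a
 * non-null mechanism; the guard is kept so this handler does not depend on that.
 *
 * @param saslInit the SASL init frame received from the peer
 */
@Override
public void receiveSaslInit(final SaslInit saslInit)
{
    assertState(ConnectionState.AWAIT_SASL_INIT);

    if (saslInit.getHostname() != null && !"".equals(saslInit.getHostname().trim()))
    {
        _localHostname = saslInit.getHostname();
    }
    else if (getNetwork().getSelectedHost() != null)
    {
        _localHostname = getNetwork().getSelectedHost();
    }

    if (saslInit.getMechanism() == null)
    {
        // No mechanism named: reject exactly as for an unsupported mechanism.
        handleSaslError();
        return;
    }
    final String mechanism = saslInit.getMechanism().toString();

    final Binary initialResponse = saslInit.getInitialResponse();
    final byte[] response = initialResponse == null ? new byte[0] : initialResponse.getArray();

    final List<String> availableMechanisms =
            _subjectCreator.getAuthenticationProvider().getAvailableMechanisms(getTransport().isSecure());

    if (!availableMechanisms.contains(mechanism))
    {
        // The peer asked for a mechanism that is disabled or not permitted on this transport.
        handleSaslError();
    }
    else
    {
        _saslNegotiator = _subjectCreator.createSaslNegotiator(mechanism, this);
        processSaslResponse(response);
    }
}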
// Excerpt only: two separate fragments; the loop body and the code using `mechanisms` are not shown.
// Both obtain the mechanism list from getAvailableMechanisms for the security level of the
// current transport.
for (String name : authenticationProvider.getAvailableMechanisms(getTransport().isSecure())) final List<String> mechanisms = authenticationProvider.getAvailableMechanisms(getTransport().isSecure());